Date AND Time Range

whathuh — Mon, 09 Sep 2013 21:39:47 GMT

I'm pretty new to Splunk, so hopefully this is an easy question. I've looked all over the community questions and I have no problems finding out how to search for ranges of dates OR times, but for the life of me I can't figure out how to do dates AND times.

Basically I want to search for two EventCodes: 4624 and 4634. Because there are several thousand results on any given week, my only real concern is WHEN they logged on. I need to know when these IDs were created between the hours of 1700 and 0500 each day. I'd like to run this scan weekly, so is there a way to do -7d AND between 1700 and 0500 the next day? I hope I'm articulating this correctly. Any help would be greatly appreciated.

-Adam

Re: Date AND Time Range

adrianathome — Mon, 09 Sep 2013 23:09:21 GMT

Adam,
This answer should point you in the right direction.

http://answers.splunk.com/answers/61365/getting-logs-for-after-hours-access

Re: Date AND Time Range

lukejadamec — Mon, 09 Sep 2013 23:20:50 GMT

I've been looking for that post for an hour since I saw this post.

topic Re: Date AND Time Range in Splunk Search

Date AND Time Range

Re: Date AND Time Range

Re: Date AND Time Range